PT-2017-17012 · Linux+3 · Linux Kernel+3

Publicado

2017-02-27

·

Atualizado

2023-06-21

·

CVE-2017-6346

CVSS v3.1

7.0

Alta

VetorAV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 4.9.13
Description A race condition exists in the Linux kernel, specifically in the net/packet/af packet.c file, which can be exploited by local users through a multithreaded application that makes PACKET FANOUT setsockopt system calls. This can lead to a denial of service (use-after-free) or possibly have other unspecified impacts.
Recommendations For Linux kernel versions prior to 4.9.13, update to version 4.9.13 or later to resolve the issue. As a temporary workaround, consider restricting the use of the PACKET FANOUT setsockopt system call in multithreaded applications to minimize the risk of exploitation.

Correção

DoS

Race Condition

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-362CWE-416

Identificadores relacionados

ALT-PU-2017-1215
ALT-PU-2017-1216
CVE-2017-6346
DLA-849-1
DSA-3804-1
MGASA-2017-0088
MGASA-2017-0089
MGASA-2017-0090
OPENSUSE-SU-2017_0906-1
OPENSUSE-SU-2017_0907-1
SUSE-SU-2017:1183-1
SUSE-SU-2017:1247-1
SUSE-SU-2017:1360-1
SUSE-SU-2017:1990-1
USN-3265-1
USN-3265-2
USN-3361-1
USN-3422-1
USN-3422-2

Produtos afetados

Alt Linux
Linux Kernel
Suse
Ubuntu